Who’s Afraid Of WebGL?
If you have been paying attention to WebGL news, you will no doubt have heard that Microsoft is officially really concerned about the security of WebGL. Of course there are differing views, even within Microsoft. The topic has been done to death, so I won’t re-hash it here. If you have missed the hubbub, LearningWebGL covers it pretty extensively.
What is interesting is that WebGL, in the way we are using it for Project Nitrous in Autodesk Labs, is definitely NOT a security risk.
Consider this scenario:
- User Visits Nitrous
- Uploads DWF file
- DWF gets converted by our servers into JSON
- JSON is delivered to Viewer, in browser... WebGL! (if it’s 3D)
At no point is the pipeline subject to malicious code injection.
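The pipeline above hands the browser data rather than code, and a viewer can enforce that at the point where the JSON arrives. The following is an added example, not Autodesk's code: the mesh schema (`positions`, `indices`), the size limits and the sample inputs are assumptions made for illustration, since the Nitrous JSON format is not shown here.

```javascript
// Hypothetical schema: { positions: number[], indices: number[] }.
const MAX_VERTICES = 65536;      // constructed limit; keeps indices within Uint16
const MAX_INDICES = 3 * 200000;  // constructed limit on triangle count
const ALLOWED_KEYS = ["positions", "indices"];

function parseMesh(jsonText) {
  // JSON.parse only builds data; it never evaluates code, unlike eval().
  const doc = JSON.parse(jsonText);
  if (doc === null || typeof doc !== "object" || Array.isArray(doc)) {
    throw new TypeError("mesh must be a JSON object");
  }
  // Reject anything outside the schema, e.g. a field carrying shader source.
  for (const key of Object.keys(doc)) {
    if (!ALLOWED_KEYS.includes(key)) throw new TypeError("unexpected field: " + key);
  }
  const { positions, indices } = doc;
  if (!Array.isArray(positions) || positions.length === 0 || positions.length % 3 !== 0) {
    throw new TypeError("positions must be a non-empty array of xyz triples");
  }
  // JSON text such as 1e999 parses to Infinity, so finiteness is checked explicitly.
  if (!positions.every(Number.isFinite)) throw new TypeError("positions must be finite numbers");
  const vertexCount = positions.length / 3;
  if (vertexCount > MAX_VERTICES) throw new RangeError("too many vertices");
  if (!Array.isArray(indices) || indices.length % 3 !== 0 || indices.length > MAX_INDICES) {
    throw new TypeError("indices must be an array of triangles within the size limit");
  }
  // Every index must name an existing vertex so indexed drawing stays in bounds.
  for (const i of indices) {
    if (!Number.isInteger(i) || i < 0 || i >= vertexCount) {
      throw new RangeError("index out of range: " + i);
    }
  }
  // Typed arrays are the form a viewer would pass to gl.bufferData().
  return { positions: new Float32Array(positions), indices: new Uint16Array(indices), vertexCount };
}

// Constructed sample inputs.
const GOOD = '{"positions":[0,0,0, 1,0,0, 0,1,0],"indices":[0,1,2]}';
const BAD_INDEX = '{"positions":[0,0,0, 1,0,0, 0,1,0],"indices":[0,1,7]}';
const EXTRA_FIELD = '{"positions":[0,0,0, 1,0,0, 0,1,0],"indices":[0,1,2],"fragmentShader":"void main(){}"}';

// Returns "accepted" or the rejection reason for a JSON payload.
function check(text) {
  try { parseMesh(text); return "accepted"; } catch (e) { return e.message; }
}
```

With shaders compiled only from source shipped with the viewer, the uploaded file can influence vertex and index buffers but not the programs that run on the GPU.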
WebGL has direct access to your GPU, and graphics drivers are not known for their focus on security. A WebGL application with evil intent could potentially DoS your machine, or worse. A question to ask yourself is: “Do you trust the author of the app you are using?”
It seems to me that the whole WebGL security issue will likely be resolved by browsers asking users this question (much like Microsoft does now for ActiveX). In this way, WebGL is no more of a security risk than ActiveX or any other code you download from the internet.
So go check out Nitrous, it’s from a trusted source... your friends here at Autodesk.